The point is… It does not really matter; as long as your password is not trivial, the security relies more on the algorithm than on the chosen password.
With bcrypt + round parameters, password stretching or any other key derivation technique, even weak passwords can't be cracked in a realistic time frame.
If you are generating your password in your head, then it is probably trivial in some important way. Even if you are a password expert who knows all the ways humans get passwords wrong, your password is probably trivial in ways you will realize as you generate it.
Here trivial means that it shouldn’t appear in a dictionary, so it will resist the first million most probable passwords attack; the crypto techniques will take care of the rest to make them unfeasible.